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P^cexving, fr 
delegate to ass 



method tomprising: 

3m a delegator, a designation of a role and 
utne the role; 



receiving, fr 
indication that th 
issuing a del 
the indication. 

2 . The metho 
credential compris 



om a credential service provider, an 
B designation is valid; and 

sgation credential in response to receiving 



i of claim 1, wherein the delegation 
s encoded delegation information. 



3. The method of claim 1, wherein the delegation 
credential allows the delegate to assume the role. 



4. The method! of claim 1, further comprising: 
issuing a confirmation to the delegator which indicates 
that the delegation jcredential was issued. 



5. The method of claim 1, wherein the delegator can 
delegate multiple functions, the role comprising one of the 
multiple functions. 1 
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6. The method of aim 1, wherein the delegation 
credential is issued to and stored by at least one of the 
delegate and a credentia . service provider. 

7. The method of claim 6, wherein the credential service 
provider receives a digital credential from the delegate and 
an access requirement fiom a relying party and determines if 
the digital credential is valid for the access requirement. 

8. The method of :laim 7, wherein the credential service 



provider determines if 
corresponds to the acce 



delegation credential that corresponds to the access 



requirement to the dele 



9. The method of 
credentials correspond 



there is a delegation credential that 
ss requirement and provides the 



gate . 



claim 8, wherein multiple delegation 
to the access requirement and the 
credential service pro-\}-ider provides the multiple delegation 
credentials to the deltigate. 



which of the multiple 
access requirement and 



10. The method of claim 9, wherein the delegate selects 

elegation credentials to use for the 
the credential service provider 
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provides a selected dejlegation credential to the relying 
party. 

11. A method comprising: 

receiving a reque|st from a delegate for access to a 
service; 



obtaining delegat 
determining whic 



ion credentials for the delegate; 
of the delegation credentials 
correspond to access /requirements for the service; and 

providing the delegation credentials that correspond to 
the access requirements. 



12. The method 



of claim 11, further comprising: 



receiving a digi.tal credential from the delegate; and 



determining if t 



le digital credential corresponds to 



access requirements ^or the service; 

wherein, if the digital credential does not correspond to 
the access requirements for the service, the method performs 
the obtaining, determining and providing, 



13. The method olf claim 11, further comprising: 
receiving, from tne delegate, a selected one of the 

delegation credentials \that correspond to the access 

requirements; and 
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using the selected one of the delegation cr?edentials to 
access the service. / 

14. The method of claim 13, further comprising: 
verifying validity of the selected one of the delegation 

credentials prior to using the seleoced one of the delegation 
credentials to access the service/ 

15. The method of claimAs, further comprising: 
receiving a statement iridicating that the selected one of 

the digital credentials ias valid prior to using the selected 
one of the delegation credentials to access the service. 

16. A method ofomprising: 

receiving, f/om a delegate, a value corresponding to a 
confirmation coele and an identifier, the confirmation code and 
the identifier corresponding to a delegator; 

identifying the delegator using at least one of the 
identifier and the confirmation code; and 

aasigning, to the delegate, a delegation credential that 
corresponds to the delegator. 
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The method 
ng the delegat 
aintained by a dele 



(^vw^storii 



claim 16, further comprising: 
o the delegator indicating that the 
n assigned. 

of claim 16, further comprising: 
ion credential in a database 



gat ion service provider, 



19. The method 
comprises checking a 
the delegator. 



of claim 16, wherein identifying 

hash of the confirmation code to identify 



20. A method ccmprising: 

receiving, from a delegate, a delegation request for a 
role of the delegator; 

receiving a valup corresponding to a confirmation code 
from the delegate; 

receiving, from lj;he delegator, a request for outstanding 
delegation requests; 

requesting approvlal from the delegator of an outstanding 
delegation request from the delegate; and 



receiving the con 
response to requesting 



irmation code from the delegator in 
approval . 
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21. The metho 



confirming the 



1 of cl 



aim 20, further comprising; 



approval of the outstanding delegation 



request using the confirmation code. 



22. The metho 
receiving a dig 
confirming tha 
digital credential 



23. An article; 
stores executable i 

receive, from 
delegate to assume 



of claim 21, further comprising: 
ital credential from the delegator; and 

the received digital credential matches a 
f the delegator. 



comprising a machine-readable medium that 
structions that cause a machine to: 
delegator, a designation of a role and a 
the role; 

receive, from a credential service provider, an 
indication that the (kesignation is valid; and 

issue a delegatijon credential in response to receiving 
the indication. 



24. The article lof claim 23, wherein the delegation 
credential comprises encoded delegation information. 



25. The article df claim 23, wherein the delegation 
credential allows the delegate to assume the role. 
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26. The article of claim 23, further comprising 
instructions that cause the machine to: 

issue a confirmation to the delegator which indicates 
that the delegation credential was issued. 



27. The article oi 
delegate multiple functi 
multiple functions. 

28. The article oj^ 
credential is issued to 
delegate and a credentic 



claim 23, wherein the delegator can 
ons, the role comprising one of the 



claim 23, wherein the delegation 
and stored by at least one of the 
1 service provider. 



29. An article comprising a machine-readable medium that 
stores executable instructions that cause a machine to: 
receive a request f i om a delegate for access to a 



service; 

obtain delegation cr 
determine which of t 

to access requirements fo 
provide the delegati 

access requirements. 



dentials for the delegate; 

le delegation credentials correspond 

the service; and 
n credentials that correspond to the 



I 
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30. The article of claim 29, further comprising 
instructions that causje the machine to: 



receive a digital 
determine if the 



credential from the delegate; and 
digital credential corresponds to access 



dig 



requirements for the sjervice; 

wherein, if the 
the access requirementls 
determining and provid 



31. The article 



ital credential does not correspond to 
for the service, obtaining, 
ing are performed. 



of claim 29, further comprising 
e the machine to: 



instructions that caus 

receive, from the delegate, a selected one of the 
delegation credentials | that correspond to the access 
requirements; and 

use the selected d|ne of the delegation credentials to 
access the service. 

32. The article of claim 31, further comprising 

the machine to: 

the selected one of the delegation 
ig the selected one of the delegation 
5 service. 



instructions that cause 
verify validity of 
credentials prior to usi 
credentials to access th 
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33. The article 



of claim 31, further comprising 



instructions that cause the machine to: 

receive a statem^snt indicating that the selected one of 
the digital credentia .s is valid prior to using the selected 
one of the delegation credentials to access the service. 



34. An article 



stores executable in 
I receive, from a 



St 




confirmation code anc 



identify the de 
identifier and the c 



comprising a machine-readable medium that 
ructions that cause a machine to: 



delegate, a value corresponding to a 
an identifier, the confirmation code and 
the identifier corresponding to a delegator; 

egator using at least one of the 
firmation code; and 



5ni 



assign, to the 
corresponds to the d 



delegate, a delegation credential that 
legator. 



35. The articLi^^'S^claim 34, further comprising 
instructions that cjauseAthe machine to: 



send a message 



to phe delegator indicating that the 



delegation credentia^l^as been assigned. 



inst/ructions that cause 




The article of claim 34, further comprising 



the machine to; 
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receive, from a 
of the delegator; 

receive a value 
the delegate; 

receive, from t 
delegation requests; 

request approva 
delegation request f 

receive the con 
response to requesti 



store the delegation credential in a database maintained 
by a delegation service provider. 

37. The articlp of claim 34, wherein identifying 
comprises checking a hash of the confirmation code to identify 
the delegator 

38. An article comprising a machine-readable medium that 
stores executable inlstructions that cause a machine to: 



delegate, a delegation request for a role 

corresponding to a confirmation code from 

he delegator, a request for outstanding 

L from the delegator of an outstanding 
:om the delegate; and 

;:irmation code from the delegator in 
rg approval. 



39. The article 



of claim 38, further comprising 



instructions that cause the machine to: 

confirm the approval of the outstanding delegation 
request using the confp.rmation code. 
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40. The article or claim 39, further comprising 

instructions that eause the machine to: 

receive digital credential from the delegator; and 
corrgarm that the received digital credential matches a 

digital credential of the delegator. 



